问题
I wrote this piece of code and was expecting a segmentation fault quicly, but it seems I am allowed to access pieces of memory I shouldn't be able to.
#include<stdio.h>
int main()
{
int tab[1];
tab[0]=42;
int i;
//Expecting Seg Fault from i==1...
for(i=0;;i++)
{
printf("%d \t %d \n", i, tab[i]);
}
return 0;
}
I am compiling using:
gcc -Wall -Wextra my_code.c -o segfault && ./segfault
Upon execution, variable i
reaches values of order 1000 before I get my Segmentation Fault.
My question is: Why am I able to read tab
so far ?
PS: Using #include <stdlib.h>
and declaring int * tab = (int*)malloc(sizeof(int));
doesn't change anything...
Thanks, bests.
回答1:
Your array tab
will be located someplace on the stack. When you print past the end of the array, you are actually printing values of other memory locations on the stack.
The reason it takes around 1000 iterations to get the seg fault is that the stack is mapped in pages, and pages are usually 4 KB in size. Once you read around 1000 ints, you are around 4000 bytes past where you should be and you have crossed over to an unmapped page. Reading from an unmapped page is what actually triggers the seg fault.
Take note that I am only explaining what happened on your system. There is no guarantee that the stack will be mapped in pages or that the pages will be 4 KB in size. Technically, you are triggering undefined behavior and anything can happen. You might find it illuminating to do printf("%p\n", &tab[i]);
on each iteration and see what is the last address it prints before you get the seg fault. If I was right about the 4 KB pages, the last address you see printed will end in ffc
because that will be the last 4 bytes on the page.
回答2:
When you're using out-of-bound memory, you'll be facing Undefined behavior. You cannot define something called Undefined behavior
.
In your case, it is happening at i = 1000
s, in others' case it may very well happen at i=347
or so..
Segmentation fault is the result of accessing memory outside the allowed stack address space of your program. it may run properly and surprise you with apparent proper working if you finish your execution within that memory range. an out-of-bound
access may produce vaild memory access till the point you're not crossing the stack memory region.
Consider yourself lucky if you get a segmentation fault, because that tells you, something's wrong. Otherwise, you have no idea of the resulting horror.
Note: as a suggestion, the question title should be changed to .. comes up very late
or something simmilar
回答3:
You are accessing outside the boundaries of tab
, but you are still in your own stack space (probably because a stack frame is larger than a byte). You have full read / write access on your own stack. This is in fact the reason many cracks are possible.
The segmentation fault occurs when your are going out of the bounds of you own stack. That's the moment you try to access a segment that's not yours (hence the name "segmentation fault").
回答4:
Accessing array out of bound will cause undefined behavior.
You are seeing this at i=1000
Check this link: How dangerous is it to access an array out of bounds?
回答5:
Accessing beyond the end of an array is undefined behaviour. Anything may happen. It may work, it may fail, it may reformat your hard drive or it might post questions on stack overflow.
Sometimes it seg faults
来源:https://stackoverflow.com/questions/27269265/segmentation-fault-doesnt-come-up-immediately-after-accessing-out-of-bound-memo